eSecurity Planet

OCTOBER 31, 2023

For example, a Windows XP machine maintained to run critical industrial equipment will be highly vulnerable and easily exploited. For example, if a test was performed on all 1,500 endpoints in an organization and was blocked by the local firewall, it would be better to give this test a name and show that the endpoints passed the test.

Penetration Testing 102

Penetration Testing Computers and Electronics Risk Cybersecurity 102

BH Consulting

NOVEMBER 15, 2022

Closed systems like gaming consoles, for example, are secure because their owners don’t have permission to program them. With perfect timing, during the conference news broke that police had arrested the suspected operator of the LockBit ransomware in Canada. I think we are living in the golden age of cybersecurity.

Social Engineering 59

Social Engineering Insurance CISO Ransomware 59

Digital Shadows

AUGUST 17, 2021

What is Phish(ing)? But, never mind the dozens of other reports and white papers about phishing that come out every year from security industry leaders, let’s take a look at the 2021 Verizon DBIR. Why should I care about Phish? The reason why phishing is still reigning supreme?

Phishing 52

Phishing Accountability Social Engineering Mobile 52

SecureWorld News

DECEMBER 4, 2020

Well, actually, one did: technology, cyber, and privacy are still on the rise and influencing businesses across a wide variety of industries. And 2020 gave us a prime example of how these predictions are now coming true. The 2020 Verizon Breach Report recognizes that phishing attacks are still one of the top attacks that entities face.

Data privacy 52

Data privacy Technology Risk Phishing 52

Security Boulevard

MARCH 24, 2022

On March 15th, research firm ESET reported a new data-wiping malware targeting Ukraine named CaddyWiper. [ 2 ] The threat actor leveraged a set of misconfigured Multi-Factor Authentication (MFA) accounts that enabled it to enroll a new device for MFA and to access the victim network. Like other cyber-criminal operations (e.g.,

Ransomware 57

Ransomware Malware Government Antivirus 57

SecureList

JULY 14, 2021

It consists of sending a spear-phishing email to the victim containing a Dropbox download link. dl=0&file_subpath=%2FCOVID-19+Case+12-11-2020%2FCOVID-19+Case+12-11-2020(2).docx. We found multiple archives like this with file names of government entities in Myanmar, for example “COVID-19 Case 12-11-2020(MOTC).rar”

Malware 144

Malware Phishing Technology Encryption 144

Krebs on Security

APRIL 16, 2020

Security experts are poring over thousands of new Coronavirus-themed domain names registered each day, but this often manual effort struggles to keep pace with the flood of domains invoking the virus to promote malware and phishing sites, as well as non-existent healthcare products and charities. Data: Hold Security.

Cyber threats 282

Cyber threats Phishing Data collection Government 282

Approachable Cyber Threats

DECEMBER 6, 2023

So what’s new this year, what was our methodology, and what was surprising? For example, DDoS attacks and unauthorized encryption (e.g. The DBIR categories (classification patterns) were based on rough statistical clustering of data, not how the cybersecurity industry tends to group them so we’ve provided a bit of clarification below.

Cybersecurity 106

Cybersecurity Social Engineering Data breaches Engineering 106

SecureList

MAY 11, 2022

This year, ransomware is no less active than before: cybercriminals continue to threaten nationwide retailers and enterprises , old variants of malware return while the new ones develop. Deadbolt is an example of ransomware written in a cross-platform language, but currently aimed at only one target – QNAP NAS systems.

Ransomware 111

Ransomware Encryption Malware Cybercrime 111

Jane Frankland

JANUARY 13, 2021

And, as each new government rule has been put in place to keep us safe, physically isolated from one another and in lockdown, it’s moved more of us online – shopping, working and learning – so we can economically function, socially interact, and maintain a sense of normality. But this isn’t all.

Cybersecurity 100

Cybersecurity Risk Government Technology 100

Approachable Cyber Threats

DECEMBER 13, 2022

So what’s new, what was our methodology, and what was surprising? Verizon’s 2022 Data Breach Investigations Report (DBIR) [1] , an industry publication that analyzes cybersecurity incident and breach event data from around the world, found that over 99% of all incident and breach events fall into one of eight major categories.

Data breaches 106

Data breaches Social Engineering Engineering Phishing 106

Approachable Cyber Threats

SEPTEMBER 14, 2021

First, a little background Verizon’s 2021 Data Breach Investigations Report (DBIR) [1] , an industry publication that analyzes cybersecurity incident and breach data from around the world, found that over 99% of all incident and breach events fall into one of only eight major categories. Do those perceptions reflect reality?

Data breaches 98

Data breaches Social Engineering Engineering Phishing 98

Approachable Cyber Threats

DECEMBER 7, 2023

So what’s new this year, what was our methodology, and what was surprising? For the past few years ( 2020 , 2022 ), we’ve shared our research on the data breach perception problem - pointing to the fact that how data breaches occur appears to vary widely between industry sources and how people think they may occur. Keep reading below!

Cybersecurity 52

Cybersecurity Social Engineering Data breaches Engineering 52

Security Boulevard

AUGUST 2, 2022

ThreatLabz has discovered a new strain of a large-scale phishing campaign, which uses adversary-in-the-middle (AiTM) techniques along with several evasion tactics. Similar AiTM phishing techniques were used in another phishing campaign described by Microsoft recently here. Phishing campaign overview.

Phishing 52

Phishing Energy and Utilities Authentication Accountability 52

Approachable Cyber Threats

DECEMBER 13, 2022

Our updated research looks at how data breaches happened, what academia published, what the news covered, and what people Googled. So what’s new, what was our methodology, and what was surprising? We searched for those terms across Google Trends , Google Search , New York Times , The Guardian , and Scite.ai

Data breaches 52

Data breaches Social Engineering Engineering Phishing 52

SecureList

MAY 31, 2021

For example, before making the first internet connection to its C2s, the Sunburst malware lies dormant for up to two weeks, preventing easy detection of this behaviour in sandboxes. Lazarus targets the defence industry. This was a sophisticated attack that employed several methods to try to remain undetected for as long as possible.

Malware 94

Malware Adware Encryption Architecture 94

Security Boulevard

DECEMBER 19, 2023

It’s a thrilling time to work in cybersecurity, but new technology and unprecedented opportunities also present us with extraordinary challenges. The good news? Meanwhile, ransomware operators continue to evolve their techniques and dream up new ways to monetize their attacks. These days, that’s not enough.

Cybersecurity 124

Cybersecurity Encryption Ransomware Backups 124

eSecurity Planet

MAY 28, 2021

Also Read: And the Winner of the 2021 RSA Innovation Contest is… SANS: Five dangerous new attack techniques and vulnerabilities. The SANS Institute presentation, “ The Five Most Dangerous New Attack Techniques ,” is an RSAC staple by this point. Old way New way. Detect Focus on encryption Assume exfiltration.

Software 113

Software Firmware DNS VPN 113

Troy Hunt

FEBRUARY 11, 2019

On reflecting over the last 3 and a half weeks, this is where we seem to be with credential stuffing lists today and I want to use this blog post to explain the thinking whilst also addressing specific questions I've had regarding Collections #2 through #5. Instead of the 2.7B

Passwords 210

Passwords Data breaches Media InfoSec 210

Spinone

MAY 8, 2020

Data has been referred to as the new gold of this century as it represents the most valuable asset that a business possesses. A great example of this is ransomware. In fact, a recent report by ZDNet highlighted the new threat that is evolving where attackers are looking to directly exploit the COVID-19 pandemic in various ways.

Cyber Attacks 78

Cyber Attacks Phishing Backups Ransomware 78

SecureList

MAY 12, 2021

In this report, we take a step back from the day-to-day ransomware news cycle and follow the ripples back into the heart of the ecosystem to understand how it is organized. Idea #2: Targeted ransomware is targeted. An example of an offer to sell access to an organization’s RDP.

Ransomware 123

Ransomware Encryption Malware Cybercrime 123

eSecurity Planet

JUNE 20, 2023

For example, consider RSI, a well established penetration testing consultancy. For example, some multi-billion dollar industrial facilities have the equivalent IT environment of a small law office — and that law office might contain much more sensitive, regulated, and valuable data. This information serves two goals.

Penetration Testing 94

Penetration Testing Social Engineering Engineering eCommerce 94

Elie

DECEMBER 20, 2018

reuse of passwords found in data breaches and phishing attacks. For example, as you can see in the screenshot above, HSBC and Blizzard Entertainment rolled their own proprietary two-factor software that requires you to install their app. Adoption by vertical : Teasing apart 2FA adoption by industry vertical. a lot of studies.

Authentication 90

Authentication Internet Internet Software 90

SecureWorld News

SEPTEMBER 30, 2020

CISOs worry about the latest incident, end of life technology in their environment, breaches in the news, insecure users and vendors, penetration testing results, budget and resources, and the latest vulnerability report (to name a few). Did end-user training really teach the fundamentals to avoid a phishing attack? You get the point.

CISO 73

CISO Penetration Testing Technology Antivirus 73

ForAllSecure

JUNE 21, 2022

So we noticed the evolution was well you can't catch my new shady code if I don't bring some shady code with me. Vamosi: Perhaps Kyle can give us an example of how this works in the real world. My favorite example of how this works is it's not always additive, meaning they need to bring in their own complex payloads.

Ransomware 52

Ransomware Marketing Software Antivirus 52

ForAllSecure

JANUARY 19, 2022

For example, here’s Jerry Lewis in a scene from a 1950s film, where he’s trying to break into a Nazi German military base. When we travel, for example, to a different country, we have this thing called a passport, you know, this physical thing that we hold in our hands. Having two is 2 Factor Authentication.

Passwords 52

Passwords Authentication Mobile Password Management 52

SecureWorld News

NOVEMBER 4, 2021

SecureWorld News researched Iran-backed hackers currently on the FBI's Most Wanted list. In recent news, there have also been gas station cyberattacks , which Iran is claiming were carried out by the U.S. Traditionally, these attacks put an emphasis on social engineering, finding innovative new ways to defraud end-users.

Social Engineering 78

Social Engineering Government DDOS Engineering 78

SecureList

NOVEMBER 14, 2023

In January, ESET discovered a new wiper, deployed in an attack in Ukraine via the Active Directory GPO. Verdict: partially fulfilled 🆗 2. UNC4841 deployed new malware designed to maintain presence on a small subset of high-priority targets compromised either before the patch was released or shortly afterwards.

Hacking 102

Hacking Energy and Utilities Media Malware 102